PayGate, an online payment service provider, recently confirmed that a security breach occurred on its systems sometime in August. The company says private credit card and banking details were leaked during the breach. PayGate claims it does not store personal addresses or ID numbers, but it does keep email addresses on file, so the leaked credit card numbers could be matched with the corresponding email addresses. PayGate claims that banks and credit card associations are closely monitoring the leaked card numbers and will contact cardholders directly if they deem it necessary. PayGate recommends that its customers check their monthly statements carefully and report any suspicious activity to their bank immediately. PayGate also said that its Payment Card Industry (PCI) assessment company has tested its systems and that PayGate passed all tests.
Analysis:
With the emergence of hackers and other cyber criminals, it is hard to keep a company completely safe from security breaches. It looks like PayGate took the necessary steps to protect its customers from credit card fraud: it contacted the banks and credit card associations and told them which cards were stolen, so that they could monitor those cards for fraudulent activity. This breach could have been avoided by placing a strong firewall to protect the internal information from hackers and other outsiders. Having a firewall in place makes it harder for hackers to get into the company's network. PayGate could also have encrypted all the digits of the credit card numbers it had on file, or at least the first 12 digits of each number on its computers, much like the receipt a store gives you when you pay with a credit card. With regard to the email addresses that were also leaked, PayGate could probably have encrypted everything after the "@" sign in each address. For example, an email address on the company's computers might look more like this: Jim89274@*******.***.
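The two masked forms described above (a receipt-style card number and an email address with everything after the "@" hidden) can be produced as follows. This is an added example, not PayGate's code; the function names and sample records are assumptions made for illustration, and it goes slightly beyond the 16-digit case by handling any 13 to 19 digit card number.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Receipt-style masking: hide everything except the last digits."""
    digits = re.sub(r"[ -]", "", pan)
    if not re.fullmatch(r"[0-9]{13,19}", digits) or not luhn_ok(digits):
        raise ValueError("not a valid card number")
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]

def mask_email_domain(email: str) -> str:
    """Hide every character after '@', keeping dots so the shape survives."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    return local + "@" + re.sub(r"[^.]", "*", domain)

def mask_record(record: dict) -> dict:
    """Return a copy of a customer record that is safe to log or display."""
    masked = dict(record)
    masked["card_number"] = mask_pan(record["card_number"])
    masked["email"] = mask_email_domain(record["email"])
    return masked

# Constructed sample records (published test card numbers, not real accounts).
SAMPLES = [
    {"card_number": "4111 1111 1111 1111", "email": "Jim89274@example.com"},
    {"card_number": "3782-822463-10005", "email": "thandi@mail.example.co.za"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(mask_record(rec))
```

Masking is one-way: the hidden characters cannot be recovered from the output, so it suits logs, screens and exports rather than records that must be charged again.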